New Threat: System Defragmenter

System Defragmenter is scam-ware that imitates a legitimate utility tool which scans the system for hard-drive and memory problems. It is installed through the typical methods and uses the same techniques as rogue antivirus applications. It persuades the user to buy the fake program by warning of critical system errors that are sure to alarm him/her and grab his/her attention.

After scanning, it reports the following hard-coded fake errors:

To make the product look legitimate, it will even prompt you to restart in Safe Mode, where the product will start and attempt to fix the issue.

After assessing the system, it will still recommend that the user click the “Run defragmentation” button, which leads to the website where the user can buy the product.

Payment Link:

http://secure.defragmentetorstore.com/secure/payments/

PC Tools advises against entering any credit card information on these forms. Victims of this attack are strongly advised to immediately contact their credit card companies to dispute the anomalous transactions and ensure that there will be no future unauthorized charges.

Fake Malware Warnings

To make the user panic even more, System Defragmenter will try to intercept any executable file he/she launches and prevent it from running. It shows the following error:

In normal Windows mode, this scam-ware also tricks you through what you see in the Program Files and Windows folders: the Program Files folder shows what the Windows folder should contain, and vice versa. Any attempt to open the subfolders and files in these folders will tell you that they are unavailable.

In order to clean up System Defragmenter, the above files/folders and registry entries that were added must be removed. For the modified registry entries, restore them to their original values. It is advisable to do this in Safe Mode, as the DLL component is hooked into Explorer.
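Because the rogue's DLL component is hooked into Explorer, a useful first triage step before cleanup is to list every module loaded into explorer.exe and flag the ones that are not validly signed or that live outside the Windows directory. The script below is an added example for that check; it is not part of the PC Tools write-up and it does not know the rogue's actual file names, so it simply surfaces candidates for a human to review. It uses only the built-in Get-Process and Get-AuthenticodeSignature cmdlets and assumes an elevated PowerShell prompt on the affected machine.

```powershell
# Added triage example (not from the original write-up): enumerate DLLs loaded into
# explorer.exe and flag any that are unsigned/invalidly signed or that sit outside
# the Windows directory. Output is a list of candidates to inspect, not a verdict.

$windir = [Environment]::GetFolderPath('Windows')

# Explorer may run as several processes; check each one.
$explorerProcs = Get-Process -Name explorer -ErrorAction Stop

$findings = foreach ($proc in $explorerProcs) {
    try {
        $modules = $proc.Modules
    } catch {
        # Module enumeration fails without sufficient rights or on a bitness mismatch.
        Write-Warning "Cannot enumerate modules for PID $($proc.Id): $($_.Exception.Message)"
        continue
    }

    foreach ($mod in $modules) {
        $path = $mod.FileName
        if (-not $path) { continue }

        $sig = Get-AuthenticodeSignature -FilePath $path
        $inWindowsDir = $path.StartsWith($windir, [StringComparison]::OrdinalIgnoreCase)

        # Flag anything that is not validly signed OR that was loaded from outside %WINDIR%.
        if ($sig.Status -ne 'Valid' -or -not $inWindowsDir) {
            [PSCustomObject]@{
                ProcessId    = $proc.Id
                Module       = $path
                SigStatus    = $sig.Status
                Publisher    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                InWindowsDir = $inWindowsDir
            }
        }
    }
}

# Sorted so modules from unusual locations (e.g. user profile or temp folders) stand out.
$findings | Sort-Object InWindowsDir, SigStatus, Module | Format-Table -AutoSize
```

Expect some benign hits: legitimate shell extensions from installed software load into Explorer from Program Files, and on older Windows versions many Microsoft DLLs are catalog-signed, which Get-AuthenticodeSignature may report as NotSigned. The value of the list is in the outliers, typically an unsigned DLL under the user profile or a temp folder, which is where the file-and-registry cleanup described above would then start; remove the hook in Safe Mode, since an in-use DLL cannot be deleted while Explorer holds it.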